Mark Wrighton

OSINT Basics for Financial and Retail Property Crimes Investigations This exclusive 3.5-hour OSINT training, hosted in partnership with the Financial & Retailers Protection Association (FRPA), is designed to enhance your investigative skills in combating financial fraud. Kirby Plessas, a leading expert in #OSINT with a background in military intelligence and corporate investigations, will provide practical techniques to help financial professionals detect fraudster communications and monitor criminal activity online. (FRPA members, check for a discount) What You’ll Learn: 🔹 Understanding Fraudster Communications – Learn how criminals use social media and open sources to coordinate fraud and exploit financial systems. 🔹 Applying OSINT in Financial Investigations – Discover how public data supports KYC (Know Your Customer) processes, enhances due diligence, and helps identify suspicious activities. 🔹 Social Media Monitoring for Fraud Trends – Develop strategies to track and analyze criminal behavior across platforms, gaining insight into emerging fraud tactics. 🔹 Real-World OSINT Techniques – Get hands-on experience using practical tools for online investigations, enabling you to uncover, verify, and act on critical intelligence. 🔹 Best Practices for Financial Institutions – Understand how OSINT strengthens investigative capabilities, improves fraud prevention efforts, and supports regulatory compliance. https://lnkd.in/g7bN_Fg6

48

1 Comment

I had a good conversation with Lindsey O'Donnell-Welch from Decipher on measuring the financial impact of security incidents. While the soft costs like brand and reputation remain elusive at best, when speaking with our customers at Empirical Security, we have seen a lot of improvement on how they are tying things not only to likelihood, but overall impact by mapping these events to the business. https://lnkd.in/gvcNSssT

30

As regulatory demands including GDPR, UK GDPR and NIS2 grow in complexity, so do the challenges of staying compliant. That’s why we have launched an enhanced suite of data compliance tools designed to give businesses control, confidence and clarity. The Fieldfisher Data Compliance Manager is a secure, cloud-based platform that helps organisations manage data breaches, respond to DSARs, conduct DPIAs and TIAs and meet NIS2 requirements - all in one place. 💡 Built on Lawcadia ISO 27001-certified platform, this solution enables organisations to: ✅ Automate compliance workflows ✅ Track activities and generate audit-ready reports ✅ Access 24/7 expert legal guidance ✅ Operate outside traditional IT infrastructure for resilience Whether you're preparing for new regulatory frameworks or strengthening existing processes, the Data Compliance Manager is built to support your compliance journey - seamlessly, securely and smartly. 🔗 Learn more: https://ow.ly/PmCy50VT42s #DataCompliance #GDPR #CyberSecurity #LegalTech #NIS2 #PrivacyCompliance #Fieldfisher #Lawcadia #LegalInnovation

49

🚨 How prepared is your organisation when a cyber incident strikes? Every second counts and every decision matters. Just reviewed our Incident Management Policy framework designed to help organisations detect, respond to, and recover from cybersecurity incidents swiftly and effectively. 📘 This document outlines: ✅ Incident lifecycle: Identification → Containment → Eradication → Recovery ✅ Roles & responsibilities across IT, SOC, Management & Legal ✅ Severity classifications: Minor breach vs Major security event ✅ Communication & escalation protocols ✅ Post-incident analysis & reporting processes ✅ Compliance with ISO 27001, NIST, and GDPR reporting timelines 💡 Whether you’re a startup or enterprise, having a clear and tested incident response policy isn’t optional it’s the difference between resilience and chaos. 🧰 Use this as a blueprint to build or refine your own playbook. Credit: MoS #IncidentResponse #CyberSecurity #GRC #ISO27001 #NIST #RiskManagement #SOC #DataBreach #Compliance #InformationSecurity #CISO #BusinessContinuity #CyberResilience

166

3 Comments

Key Consent Related Changes in the UK Data (Use and Access) Bill: Automated Decision-Making (ADM): The Bill narrows the scope of Article 22 of the UK GDPR on ADM, stating the prohibition only applies to automated decisions based partly or entirely on special category data. Safeguards (transparency, human review, etc.) still apply universally to all automated decisions. Adequacy Decisions: The new Bill reduces the standard for adequacy decisions from the EU’s “essential equivalence” to "not materially lower" protection. This less rigorous standard has sparked concerns regarding future adequacy status with the EU. PECR Enforcement and Fines: Previously capped at £500,000, fines under the Privacy and Electronic Communications Regulations (PECR) are raised to GDPR levels - up to £17.5 million or 4% of worldwide turnover. These significant penalties now align closely with the severity of GDPR fines, significantly increasing compliance pressure. PECR Consent Exemptions: A notable change aimed at reducing the need for cookie banners: Statistical Cookies: Cookies solely for statistical improvements to the service are exempt, provided clear transparency and an opt-out are available. Consent remains required for automatic transmission of data. Preference Cookies: Cookies that adapt website appearance or functionality based on user preferences also receive exemption under similar transparency and opt-out conditions. Definition of Scientific Research: Broader definition of scientific research to include processing for any research reasonably described as scientific, regardless of whether it's publicly or privately funded. Additional Consent-Related Insights from the Bill: The Bill explicitly focuses on improved transparency, accuracy, and informed consent mechanisms, reinforcing obligations to provide clear information about data usage. Regulations may include detailed procedures for obtaining explicit user consent and clarity on how consent can be withdrawn. It emphasizes clearer rules about personal data processing and the obligations of controllers to handle consent transparently. Practical Implications for Businesses: Businesses must reassess their consent mechanisms, particularly for cookies, trackers, and automated decisions based on sensitive data. Companies heavily reliant on digital marketing must urgently adapt to higher fines for non-compliance and stricter consent conditions under PECR. Organizations involved in scientific research must clearly delineate consent processes under the newly expanded definition of research. Recommendations: Implement robust consent management tools explicitly designed to meet transparency and opt-out conditions. Regularly review data collection methods to ensure alignment with these refined regulatory standards. Strengthen internal training and compliance auditing mechanisms to manage the increased risk of severe penalties effectively. #UK #DataBill #UKGDPR #PECR #Privacy #Compliance

17

6 Comments

50 in 5 - Auror’s New Mission! Over the past decade, we’ve focused on helping retailers and law enforcement understand the true problem and scale of retail crime. We built a community that is now effectively working together to tackle retail crime and collaborating to focus on high-harm, repeat offenders. But our work is just beginning and it’s time to update our mission with a renewed purpose as we build the next generation of technology for public safety: 🚨 Reducing violent retail crime by 50% in 5 years. 🚨 We know that globally, 1 in every 10 retail crime events involves assault, aggression or weapons. We also know that 10% of offenders are responsible for 60% of retail crime, and these prolific, repeat offenders are 3x more likely to be violent in stores. This mission is about people. It’s about keeping frontline retail workers safe, creating safer stores, and reviving our communities. We’re working closely with our retail and law enforcement partners to drive real, measurable change and I’m excited to keep sharing our progress and the all tech innovation we’ll be bringing to this challenge. Let’s get to work. #RetailCrime #PublicSafety #50in5

211

17 Comments

It looks like the UK's 𝗗𝗮𝘁𝗮 (𝗨𝘀𝗲 & 𝗔𝗰𝗰𝗲𝘀𝘀) 𝗕𝗶𝗹𝗹 could be passed in April/May, bringing with it amendments to UK GDPR, DPA 2018 and PECR. I've taken a look at some of the key changes which lie ahead - just a top-level summary, and by no means comprehensively covering the extent of what the Bill covers. Many thanks to Steve Wood, Ellie Blore & Chris Combemale for you insightful contributions. ☛ UK data reform https://lnkd.in/eWUzRuQc

83

5 Comments

🤯 Both cybercrime and fraud are already trillion dollar industries. With recent cyberattacks against Marks and Spencer, Jaguar Land Rover...., it only goes to show the RISING cost of cybercrime and fraud. No industry is "hack proof". No sector is "too big to fail". No business is "100% secure". [1] Cybercriminals are not only threatening companies for ransom. [2] They are bribing others to extort the company executives. [3] They are threatening to feed data to public AI models. This is no longer just triple extortion. 🚨This is breaking of TRUST in society. 🚨This is breaking of TRUST in critical infrastructure. 🚨This is breaking of TRUST in the economy and our industries. So how do YOU rebuild this TRUST in the ERA OF AI? What an honor to be speaking soon in ABU DHABI, UAE at none other than one of the largest Audit, Anti-Fraud and IT Congress by UAE IAA on... Rebuilding Trust in The Era of Trillion-Dollar Fraud After North America, South America, Asia, Europe, it's time to travel to Middle East. UAE, here I come!

68

18 Comments

Marks & Spencer Cyberattack Spurs Operational Overhaul Marks & Spencer faced significant operational disruptions following a severe cyberattack on Easter Saturday, incapacitating its online clothing operations and forcing a shift to manual processes. The breach, traced to the hacking group Scattered Spider via a third-party contractor, led to an estimated weekly £25 million loss in online clothing orders and a projected £300 million hit to annual profits. Despite prior investments in cybersecurity, the incident highlighted vulnerabilities, prompting CEO Stuart Machin and Chairman Archie Norman to emphasize resilience and a commitment to regaining lost ground, particularly in the clothing segment. Read more: https://buff.ly/tLJQpws ERA Group assists retailers in strengthening cybersecurity measures and operational resilience. Let's discuss strategies to safeguard your business. #Cybersecurity #RetailResilience #DigitalTransformation #ERAGroup

9

Ministry of Justice UK investigates after The Legal Aid Agency hit by data breach. The LAA said it’s possible that payment information may have been accessed. https://lnkd.in/ey2yHNq6 #databreach National Crime Agency (NCA) National Cyber Security Centre Jonathan Lee Trend Micro #cybersecurity #cyberattack #publicsector

11

BREAKING NEWS The CMA has launched its first investigation under the DMCC’s new consumer enforcement regime, placing eight businesses under scrutiny for their online pricing practices. A further 100 businesses have received advisory letters relating to fees and sales tactics. Is your compliance in order? Nuix solves the problem of rapidly investigate, analyse and understand their data in a legally defensible manner to meet regulatory requirements across compliance, consumer protection, DSAR and eDiscovery. Find out more about our work with regulators in the comments below. #Nuix #DigitalInvestigations #Data #AI #Compliance #ConsumerProtection #DMCC #DSAR #eDiscovery #legal https://lnkd.in/eMG5mZn2

16

1 Comment